[mythtv] MythWeb

Jean-Yves Avenard jyavenard at gmail.com
Thu Jan 30 06:30:19 UTC 2014


Hi

On Thursday, January 30, 2014, Paul Gardiner <lists at glidos.net> wrote:

> On 29 January 2014 19:06:22 GMT, Gary Buhrmaster <
> gary.buhrmaster at gmail.com <javascript:;>> wrote:
> >On Wed, Jan 29, 2014 at 6:55 PM, Jay Ashworth <jra at baylink.com<javascript:;>>
> wrote:
> >....
> >> Does Myth *really* want to assume responsibility for public web
> >security?
> >
> >Nope, and neither should the existing MythWeb PHP functions
> >(if you search carefully, you can find people who put MythWeb
> >on the 'net; you could delete all their recordings, and remove
> >all their rules, should one be appropriately so evilly inclined).
>
> I don't think that was the point Jay was making. If you take over port 80,
> then bugs can possibly open up a way to run arbitrary code on the server
> (albeit as mythbackend user). It's far worse than just the loss of some
> recordings. I'm now starting to wonder whether this new approach is a bad
> idea.
>
> I get the wish to avoid rewriting existing cpp code in php, but why not
> provide php veneers over the existing cpp. And surely the new way means
> providing our own versions of parts of apache.
>
>
Why would you need to take over port 80?

That would be very inconvenient to start with.

You could listen on any port, in a similar fashion to tomcat. If you want
integration in another web service such as apache (one that handle
authentication and authorisation), then use something like mod_proxy or a
connector like ajp.

I've been integrating web services like this for years and never had
issues.

You don't even need to worry about encryption on the myth end. Instead have
apache (or whatever else) handle that. The connection between Apache and
the mythbackend server being sent in the clear.

My $0.02
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.mythtv.org/pipermail/mythtv-dev/attachments/20140130/bad136a2/attachment.html>


More information about the mythtv-dev mailing list